ShadowMap allows you to forward alerts directly to your Security Information and Event Management (SIEM) system using the standard Syslog protocol.
This guide walks you through setting up a Syslog integration in ShadowMap and configuring alert routing based on SLA & Alerts rules.
Step 1: Navigate to the SIEM (Syslog) Integration Settings
Go to Settings in your ShadowMap dashboard.
Click on Integrations.
Select SIEM (Syslog) Integrations.
Step 2: Add a New Syslog Integration
Fill in the required fields:
Integration Name: A name to identify this integration (e.g., "SIEM - Mumbai").
Host: The IP address or hostname of your Syslog server.
Protocol: The protocol used (TCP or UDP).
Port: The port your Syslog server listens on (commonly 514).
Click on Create Integration to save the configuration.
Step 3: Configure Alert Routing
Once your SIEM integration is added:
Go to the SLA & Alerts module in ShadowMap.
Choose which alerts should be sent to which SIEM integrations.
Create custom rules based on severity, tags, or asset groups.
You can set up multiple SIEM integrations and route alerts independently to each one using the flexible rule engine.
Step 4: Whitelist ShadowMap IPs
To ensure successful connectivity, whitelist the following IP ranges on your firewall:
India Data Center:
157.119.40.0/25
If you have a dedicated ShadowMap instance, please contact Support to get your specific IP range for whitelisting.
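Before pointing the integration at a production SIEM, a throwaway UDP listener can confirm that test alerts arrive and come from the range listed in Step 4. The following is an added example, not ShadowMap code: the listening port 5514, the function names, and the sample frame are assumptions, and the article does not document ShadowMap's message format, so only the standard syslog `<PRI>` header is checked.

```python
import ipaddress
import re
import socketserver

# Range published in Step 4 of this article (India Data Center).
ALLOWED_SOURCES = [ipaddress.ip_network("157.119.40.0/25")]

# Standard syslog frames start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")

# Constructed sample frame for testing; not ShadowMap's real payload.
SAMPLE = b"<134>constructed test message"

def source_allowed(ip, networks=ALLOWED_SOURCES):
    """True if the sender address falls inside an allowlisted range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def decode_pri(frame):
    """Return (facility, severity) from a syslog frame, or None if malformed."""
    m = PRI_RE.match(frame)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None
    return divmod(pri, 8)

def triage(ip, frame):
    """Classify one received datagram for the connectivity test."""
    if not source_allowed(ip):
        return "drop: source outside allowlist"
    decoded = decode_pri(frame)
    if decoded is None:
        return "reject: no valid syslog PRI header"
    return "accept: facility=%d severity=%d" % decoded

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        data = self.request[0]  # UDP: request is (bytes, socket)
        print(self.client_address[0], triage(self.client_address[0], data))

if __name__ == "__main__":
    # Port 5514 is an assumption to avoid needing root; the article's default is 514.
    with socketserver.UDPServer(("0.0.0.0", 5514), Handler) as srv:
        srv.serve_forever()
```

Over UDP the source address is not authenticated, so this check complements the firewall rule from Step 4 rather than replacing it.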